Case Templates allow you to codify your SOPs into case management workflows. Phantom supports custom and industry standard templates, like the included NIST-800-61 template for incident response. You are able to divide tasks into phases (e.g. detection, analysis, containment, eradication, and recovery), assign tasks to team members, document work, and more. You can also embed automation actions and playbooks directly into the templates that you define.
The Notes area of Mission Control and Case Management allow you to collect and collaborate around information from any source. It eliminates the need for you to switch between multiple tabs, rely on copy/paste buffers, or manually collect important data points using external applications or hand-written notes.
The vault area of the Phantom Platform allows you to collect and attach evidence and other relevant content to your events and cases. Whether it’s binaries or text-based files, Phantom stores and links the content, making it available for viewing or as a parameter for automated or manual actions. This integration further improves your efficiency by keeping everything you need to understand, decide, and act within a single view.